Help with CryptoWall and Ransomware
Fast and affordable security assistance for CryptoWall and ransomware infections
Ransomware - which encrypts and hold your vital systems and data for ransom - continues flexing corrupting muscles on computers and users worldwide. CryptoWall “ransomware” first appeared in February 2014, and by October, the UK Register revealed that 830,000 victims had been victimized. Since then, ransomware has become big business, with 2016 Revenue Estimated at $1B! This major financial industry targets small and medium businesses, with a recent survey showing that 50% of small businesses have been breached in last 12 months.
Like many other forms of malware, ransomware often enters business networks through email. One particularly scary aspect is that it can spread via “malvertising,” such as the case of compromised banner ads on Yahoo, AOL, and MSN. The infection is transmitted via Flash, so if a user simply visits an affected website with Flash enabled in their browsers, the user’s PC can be infected without even clicking on anything malicious. This means most antivirus programs are unable to prevent ransomware, leaving any computer and user vulnerable.
Our security experts at CMIT Solutions of Northern Virginia can help limit the damages done by ransomware by removing it and assisting with data recovery. Time is critical -- the sooner we can help, the less chances your valuable data gets encrypted or lost for good.
How does ransomware work?
Once the threat gets inside a host computer, it connects to illicit servers; uploads sensitive info like your public IP address, location, and system information; and generates a random encryption key. The encryption key begins copying individual files -- both on your computer and on any mapped external drive, shared network, and cloud-based storage. Once encrypted copies of those files are created, originals are deleted from the hard drive, preventing you from accessing them.
How do you know whether you’ve been infected by ransomware?
- If you attempt to open a file and the data is jumbled or not displaying properly; and
- If you attempt to open a file and get something like “DECRYPT_INSTRUCTION” instead.
You will receive instructions to pay a ransom (usually around $500-$1,000) and obtain a decryption key. Take note, that key to retrieve data may or may not work. Even when it does work, it’s a time-consuming task. If you notice your computer is slower than usual before you see either of the two signs above, it’s possible ransomware is already at work.
Would you like to know more? Download our ransomeware white paper here.
What can I do to avoid infection?
Due to the slippery “malvertising” aspect of CryptoWall and its continually evolving form (funded by successful ransoms), stopping it requires more than just an antivirus and firewall solution. Limiting administrative rights for user PCs, applying DNS filters, implementing strict browser settings, and employing constantly updated behavioral anti-spyware can help. But these are complicated measures that most business owners don’t have the time or ability to keep up with. Only nonstop vigilance can properly address the CryptoWall threat -- and that kind of 24/7 service is what an IT professional like CMIT Solutions of Northern Virginia specializes in.
Today, most software updates -- whether for your mobile devices, desktop, laptop, server, or network gear -- include security improvements intended to address discovered flaws. You can help reduce the exposure of your devices, systems, and network by installing updates as soon as they become available.
Businesses should be creating comprehensive image-based offsite backups multiple times a day. If a virus like CryptoWall hits a 20-person firm at 4:00 PM and that firm has to rely on an encrypted backup from the night before to get up and running again, their employees will lose an entire day of work. Remember, a local backup plugged into a computer will still be susceptible to CryptoWall if it infects your system!
Although CryptoWall can be found in Flash-based “malvertising,” it can still arrive in email, so email security is still paramount. Never open attachments you aren’t expecting -- even if they appear to come from legitimate-looking email accounts.
Malicious links arrive in spam emails every day (many are disguised as FedEx, UPS, or USPS shipping updates). Make sure you hover over all links and look for legitimate IP addresses (and not long strings of random characters) before clicking. All it takes is one click on a bad link by one employee to compromise the data of your entire company. Avoiding the threat of viruses like CryptoWall is possible with diligent and continuously updated security measures. But accidents can happen, which makes a strong backup solution critical to the success of your business.
Today, most email services come with a basic spam management capability to help manage obvious spam. But dedicated, business-class email security/spam filtering solutions offer more advanced protection through improved feature sets for spam detection and handling, and also can prevent spam and attached malware or links from ever entering your email system and IT infrastructure. If it stays out, it can’t infect your network and encrypt your vital business data.
Guardian Backup & Disaster Recovery
Be well-prepared to maintain resilience during a major disaster with best-practice strategies that save your data and business.
Cloud Services
Enable your company to be nimble, productive, and cost-effective by moving your day-to-day processes to a cloud platform that fits your business.
CMIT Voice Phone Systems
Upgrade to the best VoIP solution for small- and medium-sized businesses and get reliable, top-quality voice service with higher cost savings.
CMIT Impression MondoPad
Enjoy more productive meetings, more immersive content, and more engaged audiences with a giant tablet that opens a world of possibilities.